Re: Writing a rule to access SA ClamAV Plugin Header

2007-07-25 Thread Jan Doberstein
Hi there,

OliverScott wrote:
> There is a SpamAssassin plugin which checks messages with ClamAV, which adds
> the following header to emails it processes:
> 
> X-Spam-Virus: Yes ($VirusName)
> 
> http://wiki.apache.org/spamassassin/ClamAVPlugin

The plugin is running here too, but it doesn't add this header.

Might there be a problem with my SpamAssassin version?

SpamAssassin version 3.1.7
  running on Perl version 5.8.4

Because I'm not able to use scoring depending on the string in scoring.

kind regards
\jd





Re: Writing a rule to access SA ClamAV Plugin Header

2007-07-24 Thread Wolfgang Zeikat



On 07/24/07 15:00, Wolfgang Zeikat wrote:
> In SA 3.1.8, I am trying to use the clamav plugin from
> http://wiki.apache.org/spamassassin/ClamAVPlugin
>
> spamassassin -t -D output includes dbg: ClamAV: Detected virus:
> Email.Stk.Gen596.Sanesecurity.07071900.pdf
>
> It adds a header X-Spam-Virus: Yes
> (Email.Stk.Gen596.Sanesecurity.07071900.pdf) all right, but additional
> rules to check for sanesecurity "virus" names are not matched.
>
> Rules:
>
> header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
> header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
> meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)
> score MY_CLAMAV_SANE 5
>
> Any suggestions what is going wrong?
>

On 07/24/07 15:43, OliverScott wrote:

> # Give the above rules a very late priority so that they can see the output
> # of previous rules - otherwise they don't work! Not sure what the correct
> # priority should be but this seems to work...

> In your case you could fix what you have done (which looks to be
> taken from
> one of my previous messages while trying to get this to work myself?)
> by making it:
>
> header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
> priority __MY_CLAMAV 
> header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
> priority __MY_CLAMAV_SANE 
> meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)
> score MY_CLAMAV_SANE 5

(typo fixed)

>
>
> Hope this helps!

Yes it does, thanks again.

> full CLAMAV eval:check_clamav()
> describe CLAMAV Clam AntiVirus detected something...
> score CLAMAV 0.001

If you don't want CLAMAV to score (high), apparently you can rename it 
to __CLAMAV, works fine here.


To make the meta rule work too, I had to give it a higher priority 
number than the header rules, so that my working clamav.cf is now:


loadplugin ClamAV /etc/mail/spamassassin/clamav.pm
full __CLAMAV eval:check_clamav()
describe __CLAMAV Clam AntiVirus detected a virus

header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
priority __MY_CLAMAV 9998

header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
priority __MY_CLAMAV_SANE 9998

meta MY_CLAMAV_SANE (__CLAMAV && __MY_CLAMAV_SANE)
priority MY_CLAMAV_SANE 
score MY_CLAMAV_SANE 5

I hereby add this important information (IMHO) to
this thread that is linked on
http://wiki.apache.org/spamassassin/ClamAVPlugin


Regards,

wolfgang
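
An added illustration (not code from this thread, the plugin, or SpamAssassin): a simplified Python model of the ordering behaviour reported above, where the X-Spam-Virus metadata only exists after check_clamav has run and a meta rule only sees sub-rules that have already been evaluated. Assumptions: rules run in ascending priority, header rules run before full eval rules within one priority, and the meta priority 9999 is a placeholder because the post does not show that number.

```python
import re

# Constructed sample: the value the plugin stores as metadata after a detection.
SAMPLE_RESULT = "Yes (Email.Stk.Gen596.Sanesecurity.07071900.pdf)"

# Assumed evaluation order of rule types inside a single priority level.
TYPE_ORDER = {"header": 0, "full": 1, "meta": 2}

def run(rules, clamav_result=SAMPLE_RESULT):
    """rules: (name, kind, arg, priority) tuples. Returns the set of rules that hit."""
    hits, metadata = set(), {}
    for name, kind, arg, _prio in sorted(rules, key=lambda r: (r[3], TYPE_ORDER[r[1]])):
        if kind == "full":
            # Models eval:check_clamav(): scan, then publish the result as metadata.
            metadata["X-Spam-Virus"] = clamav_result
            hit = clamav_result.startswith("Yes")
        elif kind == "header":
            # A header rule can only match metadata that exists when it runs.
            hit = re.search(arg, metadata.get("X-Spam-Virus", ""), re.I) is not None
        else:
            # Meta rule: every sub-rule must already have been evaluated and hit.
            hit = all(dep in hits for dep in arg)
        if hit:
            hits.add(name)
    return hits

def ruleset(header_prio, meta_prio):
    """The rules from the working clamav.cf above, with adjustable priorities."""
    return [
        ("__CLAMAV", "full", None, 0),
        ("__MY_CLAMAV_SANE", "header", r"Yes.{1,50}Sanesecurity", header_prio),
        ("MY_CLAMAV_SANE", "meta", ["__CLAMAV", "__MY_CLAMAV_SANE"], meta_prio),
    ]

# Default priorities: the header rule runs before the scan has added the header.
DEFAULT = run(ruleset(0, 0))
# Header rule moved late: it now matches, but the meta rule was evaluated earlier.
HEADER_LATE = run(ruleset(9998, 0))
# Meta rule given a higher priority number than the header rule: everything hits.
BOTH_LATE = run(ruleset(9998, 9999))

if __name__ == "__main__":
    for label, result in (("default", DEFAULT), ("header late", HEADER_LATE),
                          ("both late", BOTH_LATE)):
        print(f"{label:12} -> {sorted(result)}")
```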





Re: Writing a rule to access SA ClamAV Plugin Header

2007-07-03 Thread Justin Mason

Jonas Eckerman writes:
>  > There is a SpamAssassin plugin which checks messages with
>  > ClamAV, which adds the following header to emails
> 
>  > What I would like to do would be to score the ClamAV
>  > detection differently depending on whether it was
> 
> Your problem is that the ClamAV plugin doesn't add a header as 
> metadata to the message, so there is no header to check in rules.
> 
> Fortunately, you only have to add one single line to the plugin 
> in order to add the header. This is the line I've added here:
> 
> $permsgstatus->{msg}->put_metadata('ClamAV-Result',$header);
> 
> It's added directly before the line
> and makes it possible to use the header "ClamAV-Result" in rules 
> (and to get it from the mail object, which is what I do).
> 
> For your rules to work as is you'd want to add it as:
> 
> $permsgstatus->{msg}->put_metadata('X-Spam-Virus',$header);
> 
> Add the line directly above the line:
> 
> return $isspam;

This is a good idea.  I've modified the plugin code on the wiki to
include this.  thanks Jonas!

--j.

> Regards
> /Jonas
> 
> OliverScott wrote:
> > There is a SpamAssassin plugin which checks messages with ClamAV, which adds
> > the following header to emails it processes:
> > 
> > X-Spam-Virus: Yes ($VirusName)
> > 
> > http://wiki.apache.org/spamassassin/ClamAVPlugin
> > 
> > By default you can set a score in its clamav.cf file:
> > 
> > score CLAMAV 10
> > 
> > I am currently testing a 3rd party set of ClamAV definitions from a website
> > called www.sanesecurity.co.uk which look to be very effective against some
> > phishing and image spam emails. When it fires on an email the headers the
> > ClamAV plugin adds are as follows:
> > 
> > X-Spam-Virus: Yes ($Name.Sanesecurity)
> > 
> > What I would like to do would be to score the ClamAV detection differently
> > depending on whether it was detected by the ClamAV default signatures
> > (virus) or the Sanesecurity signatures (spam). I have tried adding the
> > following to local.cf but it doesn't seem to be working:
> > 
> > header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
> > header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
> > meta MY_CLAMAV (__MY_CLAMAV && !__MY_CLAMAV_SANE)
> > meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)
> > score MY_CLAMAV 10
> > score MY_CLAMAV_SANE 5
> > 
> > Any suggestions?
> 
> -- 
> Jonas Eckerman, FSDB & Fruktträdet
> http://whatever.frukt.org/
> http://www.fsdb.org/
> http://www.frukt.org/


Re: Writing a rule to access SA ClamAV Plugin Header

2007-07-03 Thread Jonas Eckerman

> There is a SpamAssassin plugin which checks messages with
> ClamAV, which adds the following header to emails

> What I would like to do would be to score the ClamAV
> detection differently depending on whether it was

Your problem is that the ClamAV plugin doesn't add a header as 
metadata to the message, so there is no header to check in rules.


Fortunately, you only have to add one single line to the plugin 
in order to add the header. This is the line I've added here:


$permsgstatus->{msg}->put_metadata('ClamAV-Result',$header);

It's added directly before the line
and makes it possible to use the header "ClamAV-Result" in rules 
(and to get it from the mail object, which is what I do).


For your rules to work as is you'd want to add it as:

$permsgstatus->{msg}->put_metadata('X-Spam-Virus',$header);

Add the line directly above the line:

return $isspam;

Regards
/Jonas

OliverScott wrote:

There is a SpamAssassin plugin which checks messages with ClamAV, which adds
the following header to emails it processes:

X-Spam-Virus: Yes ($VirusName)

http://wiki.apache.org/spamassassin/ClamAVPlugin

By default you can set a score in its clamav.cf file:

score CLAMAV 10

I am currently testing a 3rd party set of ClamAV definitions from a website
called www.sanesecurity.co.uk which look to be very effective against some
phishing and image spam emails. When it fires on an email the headers the
ClamAV plugin adds are as follows:

X-Spam-Virus: Yes ($Name.Sanesecurity)

What I would like to do would be to score the ClamAV detection differently
depending on whether it was detected by the ClamAV default signatures
(virus) or the Sanesecurity signatures (spam). I have tried adding the
following to local.cf but it doesn't seem to be working:

header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
meta MY_CLAMAV (__MY_CLAMAV && !__MY_CLAMAV_SANE)
meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)
score MY_CLAMAV 10
score MY_CLAMAV_SANE 5

Any suggestions?


--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/



Writing a rule to access SA ClamAV Plugin Header

2007-07-01 Thread OliverScott

There is a SpamAssassin plugin which checks messages with ClamAV, which adds
the following header to emails it processes:

X-Spam-Virus: Yes ($VirusName)

http://wiki.apache.org/spamassassin/ClamAVPlugin

By default you can set a score in its clamav.cf file:

score CLAMAV 10

I am currently testing a 3rd party set of ClamAV definitions from a website
called www.sanesecurity.co.uk which look to be very effective against some
phishing and image spam emails. When it fires on an email the headers the
ClamAV plugin adds are as follows:

X-Spam-Virus: Yes ($Name.Sanesecurity)

What I would like to do would be to score the ClamAV detection differently
depending on whether it was detected by the ClamAV default signatures
(virus) or the Sanesecurity signatures (spam). I have tried adding the
following to local.cf but it doesn't seem to be working:

header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
meta MY_CLAMAV (__MY_CLAMAV && !__MY_CLAMAV_SANE)
meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)
score MY_CLAMAV 10
score MY_CLAMAV_SANE 5

Any suggestions?